Tesla’s Model 3 To Enter The Toughest Hacking Contest, Pwn2Own
Tesla is entering its brand-new Model 3 sedan in Pwn2Own, the hacking contest. Guess what the takeaway is: a Model 3 sedan itself.
It is the first time that a car has been included in the high-profile hacking contest, which is held annually.
Famed for its toughness, Pwn2Own is in its 12th year and is run by Trend Micro’s Zero Day Initiative (ZDI). It is the toughest contest of its kind. ZDI has by now awarded more than $4 million over the contest's lifetime. This is something beyond the imagination and capability of world leaders in technology.
The hacking contest features five categories: web browsers, virtualization software, enterprise applications, server-side software and, of course, the new automotive category. ZDI has chosen products from the likes of Apple, Google, Microsoft, Mozilla, Oracle and VMware, not to forget Tesla. The contest runs in conjunction with the CanSecWest conference.
Tesla’s relationship with the hacker community began in 2014, when it launched its first bug bounty program. The relationship has grown and evolved ever since. The company increased the reward from $10,000 to $15,000 and added its energy products too. Now Tesla’s vehicles and all directly hosted servers, services and applications are included in the bounty program. This is part of Tesla’s security measures.
The next measure Tesla incorporated was allowing owners to hack their own cars, provided they stick to the rules. This is a major development in the bug bounty program, which is used to provide a safe harbor for research on the cars. Tesla promises in its security policy that if, through good-faith security research, you brick your car, the company will accept it and eventually reflash the software, either over the air or at a service center. Tesla also will not void the warranty of owners who hack their car's software. This is a huge leap in car security from Tesla.
Tesla and other automakers have launched bug bounty programs because these vehicles are software-centric, a shift that has changed the industry: over-the-air software updates are used to fix glitches and security problems, improve performance and add new features. This gives users hope that their cars will evolve into more robust technology over time.
Security issues will be apparent. Tesla has been a leading automaker in releasing quite a lot of security improvements, including cryptographic validation of its software, more robust cryptography for its key fobs and the launch of PIN-to-Drive to prevent theft through relay attacks and key-fob cloning. These measures make Tesla a forerunner of the cars of the future. You can be sure your car will have one or more of these security measures, putting the technology in your hands.
Security researchers say the step is in the right direction and capable of reducing the legal liability of hackers, who have argued that US cybersecurity and hacking laws are restrictive. The company assures that no copyright infringement claims will be brought against those working within the bug bounty rules; such claims are seen as a legal tool that many companies use to stifle security research.
The new bug bounty from Tesla, which went into effect during the Def Con security conference, was a response to those who were worried that hacking their cars would probably affect their warranty.
Casey Ellis, chief technology officer of Bugcrowd, which oversees Tesla's bug bounty, added that the bell is ringing for good-faith security research. The step forward taken by Tesla will serve as a benchmark for others to follow until best practices are set and the help of friendly hackers is on the rise.
Tesla is following in the footsteps of tech giants that have pushed for safe harbor exceptions for security researchers. The steps taken to protect bug bounty participants vary from one company to another. Dropbox took the first step, changing its program to shield security researchers from legal action. Mozilla joined the race a few months later.
Very few vulnerabilities may be found at the Pwn2Own hacking contest. A Trend Micro spokesperson was quoted as saying that the percentage of successful attempts varies, usually around 50% of available targets. The possibility is bleak that researchers will ever enter the automotive category, as it’s a brand-new field. She added that they hope more people will enter and see what the state of the art in automotive research is.